... license information before issuing the license and updating the token. The access module then encodes the updated token before returning it to the server. Because the verification and issuing function of a token are performed by a software application, the application rather than the server becomes the point of attack. Reverse engineering the access module is less rewarding than attacking the server because the module reveals the contents of a small fraction of a database of licenses.



[FIG. 1: drawing not reproduced.]

[FIG. 2: drawing not reproduced. Labels: Developer Site, License Production Tool, RPC, License Administration Tool, Licensing Library, Application, Database, Customer Site.]




METHOD FOR PROTECTING AGAINST THE UNAUTHORIZED USE OF SOFTWARE IN A COMPUTER NETWORK ENVIRONMENT

BACKGROUND OF THE INVENTION

The present invention relates to a method for protecting against the unauthorized use of a software application in a computer network environment.

2. ART BACKGROUND

A computer network is typically an interconnection of machines or agents over links or cables. The open access characteristics of a computer network present opportunities for the unauthorized copying of software, thus eroding the licensing revenue potential of software developers. Traditionally, either the entire network must be licensed (commonly referred to as a site license), or each node where the software is run must be licensed (commonly referred to as a node license). A node refers to a single machine, agent or system in a computer network. A license is an authorization given by a software developer to a customer to use a software application in a specific manner.

A site license lets all users at a designated location or network use the software application, regardless of their position on the network. This flat-fee approach is an overkill for a low usage software application. A node license not only ties a software application to a particular machine in a network, but also is not cost effective for the infrequent use of a software application. See, for example, U.S. Patent No. 4,688,169. Furthermore, if new users of licensed nodes wish to use the software application, they are often required to purchase additional licenses.

An alternative to a site license or a node license is the concept of a concurrent usage license. A concurrent usage license restricts the number of users allowed to use a software application at any given time, regardless of their location on the network. Just as renters check out available copies of a movie video from a video rental store, users on a network check out a software application from an agent on a first-come-first-serve basis. Thus, a concurrent usage license charges a fee for the use of a software application proportional to its actual use.

Methods to license a software application for concurrent use in a network environment are currently offered by Highland Software, Inc. and Apollo Computer, Inc. See M. Olson and P. Levine, "Concurrent Access Licensing", Unix Review, September 1988, Vol. 6, No. 9. In general, the license for a software application is stored in a database controlled by a license server. A license server is a program that not only stores the license, but also verifies the user's credentials before checking out the license to the authenticated user. To protect against unauthorized use, these methods to license concurrent usage rely on secured communications such as public/private key encryption. Under public/private key encryption, each user of the system has two keys, one of which is generally known to the public, and the other which is private. The private transformation using the private key is related to the public one using the public key, but the private key cannot be computationally determined from the public key. See Denning, D., Cryptography and Data Security, Addison-Wesley, 1982. The encryption key is hidden in the license server to encrypt the database of licenses. Well designed public/private key encryption schemes are difficult to crack, especially if the license server is located in a trusted environment. A trusted environment is one whose access is limited to users having the proper credentials. However, a license server is more likely to be located at a customer's site and hence in a hostile environment. It follows that the license server is vulnerable to sophisticated intruders. Once the private key is decrypted, all sensitive information on the license server, such as licenses, is compromised.



It is therefore an object of the present invention to provide a more secure method to protect against the unauthorized use of software in a concurrent use licensing environment.



SUMMARY OF THE INVENTION 

The present invention provides to the software application the verification and license check out functions which are normally performed by a license server. The preferred embodiment of the present invention comprises a computer network including a plurality of agents running at least one license server and at least one software application. The license server controls a database of an agent containing the license information for the software application. The license information is contained in a license token, and is stored in the database controlled by the license server. The license token is a special bit pattern or packet which is encrypted by the software vendor of the application software. The software application communicates with the license server through a licensing library. The licensing library is a collection of library routines that the software application invokes to request or renew a license from the license server. Before a software application obtains a license, the license token must be decoded by a license access module. The license access module, which is linked with the software application and the licensing library, is a program that decodes the license token from a vendor specific format to a licensing library format.

When a user wishes to run a software application, the licensing library invokes a call to request a license token from the license server. In contrast to the prior art where the license server either grants or denies the request after verifying the user's credentials, the license server in the preferred embodiment of the present invention finds the correct license token for the software application and transmits the license token to the licensing library. The license access module attached to the licensing library decodes the licensing token. Routines in the licensing library coupled to the software application verify the license information before checking out the license and updating the license token. The license access module encodes the updated license token before returning it to the license server.



Because the verification and check out function of a license token are performed by a software application, the software application rather than the license server becomes the point of attack by unauthorized users. Reverse engineering the license access module is less rewarding than attacking the license server because the license access module reveals the contents of a fraction of a database of licenses. By the time most attackers crack the license access module, the software vendors would most likely introduce newer versions of the software application and new license access modules for them. Thus the present invention provides a more secure method for protecting against the unauthorized use of a software application in a computer network environment without modifying the underlying computer network.
BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 illustrates a network environment employing the present invention.

Figure 2 describes the architecture of a network licensing scheme employing the preferred embodiment of the present invention.

Figure 3 describes the installation of a license token in the preferred embodiment of the present invention.

Figure 4a illustrates the use of a license token to request a license from a license server in the preferred embodiment of the present invention.

Figure 4b illustrates the use of a license token to renew a license from a license server in the preferred embodiment of the present invention.

Figure 4c illustrates the use of a license token to release a license from a license server in the preferred embodiment of the present invention.
NOTATION AND NOMENCLATURE

The detailed description that follows is presented largely in terms of algorithms and symbolic representations of operations on data bits and data structures within a computer memory. These algorithmic descriptions and representations are the means used by those skilled in the data processing arts to most effectively convey the substance of their work to others skilled in the art.

An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulation of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bit patterns, values, elements, symbols, characters, data packages, or the like. It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely convenient labels applied to these quantities.

Further, the manipulations performed are often referred to in terms, such as adding or comparing, that are commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable in most cases, in any of the operations described herein that form part of the present invention; the operations are machine operations. Useful machines for performing the operations of the present invention include general purpose digital computers or other similar devices. In all cases there should be borne in mind the distinction between the method of operations in operating a computer and the method of computation itself. The present invention relates to method steps for operating a computer in processing electrical or other (e.g. mechanical, chemical) physical signals to generate other desired physical signals.

The present invention also relates to an apparatus for performing these operations. This apparatus may be specially constructed for the required purposes, or it may comprise a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The algorithms presented herein are not inherently related to any particular computer or other apparatus. In particular, various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct a more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description given below.

DETAILED DESCRIPTION OF THE INVENTION

The following detailed description is divided into several sections. The first of these sections describes a general network environment for accessing a database of licensed software programs. Subsequent sections discuss the details of a method for protecting against the unauthorized use of a software application.

I. General Network Environment

Referring to Figure 1, computer network environment comprises a plurality of data processing devices identified generally by numerals 10 through 10^n (illustrated as 10, 10' and 10^n). These data processing devices may include terminals, personal computers, workstations, minicomputers, mainframes and even supercomputers. For the purposes of this Specification, all data processing devices which are coupled to the present invention's network are collectively referred to as "agents". It should be understood that the agents may be manufactured by different vendors and may also use different operating systems such as MS-DOS, UNIX, OS/2, MAC OS and others. Particular examples of suitable agents include machines manufactured by Sun Microsystems, Inc., Mountain View, Calif. Each of the agents has an input device such as a keyboard 11, 11' and 11^n or a mouse 12, 12' and 12^n. As shown, agents 10 through 10^n (illustrated as 10, 10' and 10^n) are interconnected for data transfer to one another by a common cable 13. It will be appreciated by one skilled in the art that the common cable 13 may comprise any shared media, such as coaxial cable, fiber optics, radio channel and the like. Furthermore, the network resulting from the interconnection of the cable 13 and agents 10 through 10^n (illustrated as 10, 10' and 10^n) may assume a variety of topologies, such as ring, star, bus, and may also include a collection of smaller networks linked by gateways or bridges.

Referring again to Figure 1, a license service 14 is shown. The license service 14 is a resource shared by every agent connected to the network. In the preferred embodiment of the present invention, the license service 14 comprises license servers 15 through 15^m (illustrated as 15, 15' and 15^m) and databases 17 through 17^m (illustrated as 17, 17' and 17^m), where m is less than or equal to n. A license server is a program that runs on an agent with a memory storage capability. Each license server 15 (illustrated as 15, 15' and 15^m) communicates with a database 17 stored in memory on the agent over an interface 16 (illustrated as 16, 16' and 16^m). As will be described in detail below, the database 17 stores licensing information for various software applications which are purchased and authorized to run in the computer network environment. The license server is not limited to run on a specific agent, but can operate on any agent including the agent on which the user is to operate the application. Thus, any agent connected to the network may function as a license server as well as a device on which a user may operate application software. As will be described below, the license server does not perform verification of licenses of application software; rather the license server is passive and provides storing, locking, logging, and crash recovering function for the application software.

Figure 2 illustrates the architecture of a network licensing scheme of the present invention. The architecture comprises a database 18, database interface 19, license server 20, licensing library 24, license access module 27, license administration tool 21, license service binder 29, and license production tool 34.

The database 18 stores licensing information and application usage data. Preferably the database 18 comprises a plurality of records which contain the following information:

Database Element                  Description
Unique Key Table                  Keys for all other tables
Vendor Table                      Vendor's ID and name
Product Table                     Product number and name
Version Table                     Version number and date
License Table                     License #, exp date, total units
License Token Table               Stores encoded license token
Unit Group Table                  A group's allocation of license
Group List Table                  Name of the group
Allowed Users Table               Credentials of allowed users
Current License Use Table         Applications using a license
Lock Table                        Locked records in database
Authorized administrator Table    Login names of administrators
License Operation Log Table       Administrator's log information
License Usage Log Table           Request handle plus Client Log
License Queue Log Table           License wait queue
Application Message Log Table     Application specific messages



A database interface 19 provides communication between the license server 20 and the database 18 in order to prevent concurrent access to the same database record by multiple users, which can cause the data in the record to become corrupted. Thus, only the owner of the lock can read from and write to the locked record during the usage of the application.

The license server 20 operates on an agent and interfaces the database 18 to license administration tool 21, licensing library 24 and license service binder 29. The license server 20 communicates with the license administration tool 21, licensing library 24 and license service binder 29 via an interface 23. Preferably the interface 23 is a remote procedure call mechanism which permits a process operating on one device or agent connected to the network to request a resource or service from a remote device or agent connected to the network. See A. Birrell and B. Nelson, "Implementing Remote Procedure Calls," ACM Transactions on Computer Systems, February 1984, Vol. 2, No. 1.

Multiple license servers may run on multiple agents. Preferably the license server 20 operates in a background mode of the agent such that its operation is transparent to a user of that agent. More particularly, as will be described below, the license server 20 provides the following functions: (1) servicing the requests from the licensing library 24 for license token; (2) maintaining a wait queue for requests to the database 18 when no licensing units are available; (3) generating locks for exclusive access to database 18; and (4) providing access to information in the database 18.

The licensing library 24 is a set of library routines which enable the application 26 to request licensing service from the license server 20. Upon receiving the request for service from the licensing library 24, the license server 20 retrieves a license token from the database 18 and transmits it to the licensing library 24. The licensing library 24 is linked with the application 26 and communicates with the license server 20 over a path 28 with, preferably, a remote procedure call mechanism 23. Among the major library calls in the licensing library 24 is the application's request for a license from the license server 20. Other important library calls include the request to renew and to release a license. The use of the license token to accomplish the request for the various licensing service will be described in detail below.

The license access module (LAM) 27 is prepared by the software vendor 24 to decode the license token. Once decoded, the application 26 via routines in the licensing library verifies the licensing information in the license token and determines whether a license may be checked out. The LAM 27 also encodes the license token before the application returns it to the database 18 via license server 20. The license access module 27 is described in further detail below.

The license administration tool 21 is utilized by the network administrator to perform administrative functions relevant to the concurrent usage of a software application. The license administration tool 21 may run on any agent connected to the computer network. The license administration tool 21 is primarily used to install the license token into the database 18 through the license server 20. The functionality of the license administration tool 21 includes: (1) starting or terminating a license server; (2) accessing a database controlled by a license server; and (3) generating and printing reports on license usage.

The application 26 may not access the database 18 directly; rather, the request for a license is made through the licensing library 24 to the license server 20 over a path 28. Most network licensing schemes employ secured communication between the licensing library 24 and the license server 20. In contrast, the present invention uses the license access module (LAM) 27, the license library 24 and a plurality of license tokens to protect against the unauthorized use of software application in a computer network.

Referring once again to Figure 2, a license service binder 29 is shown coupled to the license server 20 over a path 30. The license service binder 29 is invoked by means known in the art, such as a network service program. The license service binder 29 locates all agents that are designated as servers on the network, and keeps track of which server is servicing which application. The license service binder 29 contacts each server on its table of available servers and requests a list of products it serves. Finally the license service binder 29 writes the contents of the table of available license servers and the list of products into a binding file 32 over a path 31. In Figure 2, the binding file 32 is coupled to the licensing library 24 over a path 33. The application 26 queries the binding file 32 to see which license server can service its request for a license.

A license production tool 34 is used by the software vendor to create a license token for transmittal to the network administrator. Receiving the license token, the network administrator installs it with the license administration tool 21 into the database 18 through license server 20.

II. License Token

Referring to Figure 3, the creation of a license token in a computer network employing the preferred embodiment of the present invention will be described. A computer network 38 is shown coupled with a license administration tool 39 and a single license server 44. The license server 44 communicates with a database 45. Applications 41, 42, and 43 are shown requesting licensing service from the license server 44. When a customer purchases a license for an application, such as a CAD/CAM program for its research and development department, the software vendor creates a license token with a license production tool, and delivers the license token to the customer's network administrator. A license token is a special bit pattern or packet representing a license to use a software application. The network administrator installs the license token 46 into the database of the license server using the license administration tool 39. Unlike the token used in a token ring which is passed from agent to agent, a license token in the preferred embodiment of the present invention is passed only between a license server and a licensing library for a predetermined amount of time. The predetermined amount of time corresponds to the time the license token is checked out of the license server. Currently, the license token is checked out to an application for no more than ten seconds, and the license token is returned as quickly as possible to the issuing license server. The license token 46 contains information encrypted in the vendor's format such as vendor identification, product and version numbers as well as the number of license units purchased for the license token. A license unit corresponds to the license weighting for an agent connected to the computer network. For example, powerful workstations could require more license units to use a software application than an average personal computer.

The software vendor produces a license token using a license production tool 40. A path 47 illustrates how a license token 46' makes its way to a license administration tool 39 at the customer's site. There, the system administrator installs the license token 46' as license token 46 into the license database 45 of the license server 44. A path 48 indicates the transfer of the license token 46' from the license administration tool 39 to the license server 44 and into the database 45 as license token 46. The license server 44 is now ready to entertain requests from applications 41, 42, and 43 for a license to use the application corresponding to token 46 as well as other applications represented in its database 45.

It should be understood that each network may have a plurality of license servers and each license server may have in its database a plurality of license tokens for a variety of software applications. Referring again to Figure 3, if application A 41 requests and checks out the license token 46 for less than ten seconds, applications B and C 42, 43 would be unable to check out the license token 46 if their requests were made during the same time application 41 is checking out a license from the license token 46 because of the locking mechanism provided by database interface 19. Thus, to achieve concurrent license usage in network 38, it is preferred that the network administrator installs more than one license server. To minimize the task of recovering from license server crashes, it is also preferred that the system administrator spreads the license units for any one application among a plurality of strategically located license servers. For instance, if a network has four license servers, the network administrator may want to allocate the twenty license units for a particular popular application among four license tokens with five license units for each license token. In the event one license server crashes or the license token is checked out, the other three license servers may provide licensing service to other applications.

Figure 4a illustrates the use of a license token to request for a license. As shown, a network 50 is provided, and is coupled to Applications 52, 54 and 56 respectively. Application 56 succeeded in requesting a license token from the license server 58 in step 59. The license token is transmitted to application 56 in step 60. When done, Application 56 returns the license token to the license server 58 in step 61. Aside from the license request function performed with the license token as shown in Figure 4a, the license token is also used in other critical stages of the licensing process. For example, a user may wish to run an application beyond the initial allocated time. As shown in Figure 4b, Application 68 makes a license renewal request 71 from the license server 70 with license token 72. Similarly, in Figure 4c the user makes a license release request 83 when the application no longer needs the license units. As such, the user updates the license token 84 by returning the updated license token to the license server 82 in step 85.

III. License Access Module

In Figure 2, a license access module (LAM) 27 is linked with the application 26 and the licensing library 24 to form the executable code that software vendors ship to the customers. The license access module 27 decodes and encodes the encrypted license token as it is being passed between the license server and the licensing library 24. Thus the level of security of an application from unauthorized use depends heavily upon how secure the license access module is.

Conventional network licensing schemes use public/private key encryption to encode sensitive information. Such a scheme is effective if the license server is in a trusted environment. However, the customer has the same access to any agent in a network, including the license server. The security of the licensing scheme can be compromised by a user who decrypts the license server's private key. Once the unauthorized user determines the server's private key, he can decrypt all sensitive information on the license server. Should all license servers use the same key, as is frequently done, then all the security of the applications served by all the license servers will be compromised.

The license access module 27 first translates a license token from a vendor specific format to a format usable by the licensing library 24. The license access module accomplishes the translation in two modules. One module translates or decodes a license token from a vendor specific format to a licensing library format. The second module translates or encodes the updated license token from the licensing library format to the vendor specific format. The second module is invoked anytime the licensing library updates the information in a license token.

Upon receiving the license token in the licensing library format, the licensing library invokes routines which verify the correctness of the license by reviewing the following license information stored in the token: (1) flag, (2) maintenance contract date, (3) host name and domain, (4) product name, (5) host id number, (6) license serial number, and (7) expiration date of license. This is compared to the information maintained by the application. If the information matches, the license is verified. After completing the verification process, a routine in the licensing library is initiated which checks out the license by decrementing the license units in the license token by the number of licensing units being checked out.

The decoding and encoding routines allow software vendors to implement their own security mechanism to protect their licenses from unauthorized use even though they reside at the customer's site.

Below is an example of a sample application using the licensing library and the license access module written in C language:

    #include <signal.h>
    #include <stdio.h>
    #include <unistd.h>

    #define LIC_RENEWAL_TIME     (60)                   /* Set renewal time for this session */
    #define EST_LIC_RENEWAL_TIME (LIC_RENEWAL_TIME * .9)

    NL_vendor_id NL_Vendor_id = 1223;                   /* set vendor # */
    NL_prod_num  NL_Prod_num  = "Or                     /* set product # */
    NL_version   NL_Version   = { 12«SW88, "1.0" };     /* set version id # */

    status = NL_init (vendor_id, NULL, &job_id);        /* initialize license service */
    if (status != NL_NO_ERROR)                          /* accept job id if no error */
    {
        fprintf (stderr, "nl_init failed - error = %d\n",
                 status);                               /* error message if error and return */
        return;
    }
    units = 3;
    code_funcs.encode_p = nl_encode;                    /* pointer to encode function */
    code_funcs.decode_p = nl_decode;                    /* pointer to decode function */
    if (signal (SIGALRM, alarm_intr) == (void *) -1)    /* set alarm if no error */
    {
        perror ("Cannot set SIGALRM");                  /* otherwise, error message */
        return;
    }
    status = NL_request (job_id, NL_Prod_num,           /* request a license */
                         &NL_Version,
                         units, LIC_RENEWAL_TIME, NL^lil^RCH,
                         &code_funcs, NULL,
                         &req_handle, NULL, &app_info);
    if (status != NL_NO_ERROR)                          /* no error, license checked out from license server */
    {
        fprintf (stderr, "nl_request failed - error = %d\n",
                 status);                               /* otherwise, error message */
        return;
    }
    /*
     * We got a license
     */                                                 /* license request successful */
    alarm (EST_LIC_RENEWAL_TIME);                       /* set alarm for license renewal time */
    /* Application runs */                              /* runs application */
    status = NL_release (req_handle);                   /* request to release a license */
    if (status != NL_NO_ERROR)
    {
        fprintf (stderr, "nl_release failed - error = %d\n",
                 status);                               /* otherwise, error message */
        return;
    }

    int
    alarm_intr ()
    {
        status = NL_confirm (req_handle,                /* renew licensing unit with licensing server */
                             LIC_RENEWAL_TIME, NULL);
        /*
         * Verify vendor private information
         */
        if (status != NL_NO_ERROR)
            fprintf (stderr, "nl_confirm failed - error = %d\n",
                     status);                           /* otherwise, error message */
        puts ("license renewed");                       /* successful license renewal */
    }
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The sample application given above Is accompanied self- 
explanatory annotation to the right margm of the codes. Of particular interest 
are codeJunc.encodej> and codejuncdecodej). Encode j> ani decodej) 
are pointers to the software vendors encode and decode roufines, 

25 respecth^ty- Taking the pointers in the code June variable, ttie icensing 
ibrary can use the piMnters to invoke the decoding and encoding routines In 
the Bcense access module. The three major Bcensing fibrary routines, request 
lor a Dcense (NL^recyjest), release a Bcense (NL^release) and renew a ficense 
(NLjconfirm) Invoke the decodng and encoding rmitines. For example of a 

30 fioense access nrKx&ile« see Appendix 1. 

In implementing the license access module, the license server becomes
merely a repository for license tokens. The licensing library coupled to the
application performs the procedure of authenticating the license token prior to
granting a license and therefore access to run the application.

Because the level of security of the system is dictated by the license
access module, the software vendors are free to make the license access
module as simple or as complex as they desire. In particular, they are free to
adopt any of the encryption schemes as part of their encrypt[illegible] If the
security mechanism is broken, and the encryption known to others, then the
software vendors can easily remedy the situation by releasing a new version of
the product with a new license access module.
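
The decode, verify and re-encode cycle described above can be sketched as
follows. This is an added example, not code from the patent or its Appendix 1:
the token layout, the XOR placeholder encoding, the checksum and the names
vendor_encode, vendor_decode and lib_request are assumptions; only the
encode_p/decode_p pointer pair and vendor number 1223 come from the sample
application.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed token layout (assumption; the page defines none). */
struct token { uint32_t vendor_id; char prod[4]; char ver[4]; uint32_t units, check; };

/* Same shape as the page's code_funcs: pointers to the vendor's routines. */
struct code_funcs {
    void (*encode_p)(const struct token *in, uint8_t *out);
    int  (*decode_p)(const uint8_t *in, struct token *out);
};

#define KEY 0x5Au /* placeholder for the vendor's secret scheme, not real crypto */
static uint32_t check_of(const struct token *t) { return t->vendor_id ^ t->units ^ 0xC0FFEEu; }

/* Hypothetical license access module, linked into the application. */
void vendor_encode(const struct token *in, uint8_t *out) {
    struct token t = *in;
    t.check = check_of(&t);
    for (size_t i = 0; i < sizeof t; i++) out[i] = ((const uint8_t *)&t)[i] ^ KEY;
}
int vendor_decode(const uint8_t *in, struct token *out) {
    for (size_t i = 0; i < sizeof *out; i++) ((uint8_t *)out)[i] = in[i] ^ KEY;
    return out->check == check_of(out) ? 0 : -1; /* altered token fails */
}

/* Hypothetical library request: decode, verify against the application's own
   values, check out units, re-encode. The server only ever stores `blob`. */
int lib_request(uint8_t *blob, const struct code_funcs *cf, uint32_t vendor_id,
                const char *prod, const char *ver, uint32_t units) {
    struct token t;
    if (cf->decode_p(blob, &t) != 0) return -1;
    if (t.vendor_id != vendor_id || strncmp(t.prod, prod, sizeof t.prod) != 0 ||
        strncmp(t.ver, ver, sizeof t.ver) != 0) return -2; /* not this product */
    if (t.units < units) return -3;                          /* none left */
    t.units -= units;
    cf->encode_p(&t, blob); /* token goes back to the server encoded */
    return 0;
}

int main(void) {
    struct code_funcs cf = { vendor_encode, vendor_decode };
    struct token t = { 1223, "P1", "1.0", 3, 0 }; /* constructed sample token */
    uint8_t blob[sizeof t];
    vendor_encode(&t, blob);
    int a = lib_request(blob, &cf, 1223, "P1", "1.0", 2);
    int b = lib_request(blob, &cf, 1223, "P1", "1.0", 2);
    printf("first=%d second=%d\n", a, b);
}
```

Because KEY and both routines ship inside the application, the token is only as
strong as the module is hard to reverse, which is why the text treats shipping
a new license access module as the remedy once a scheme is known.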

While the present invention has been particularly described with
reference to Figures 1-4 as well as Appendix 1, and with emphasis on certain
language in implementing a method to protect against the unauthorized use of
software application in a computer network environment, it should be
understood that they are for illustration only and should not be taken as
limitation upon the invention. In addition, it is clear that the method of the
present invention has utility in any application run in a computer network
environment. It is contemplated that many changes and modifications may be
made by one skilled in the art, without departing from the spirit and scope of
the invention disclosed above.






CLAIMS 

1. In a computer network environment including a
plurality of software applications licensed to run on at
least one network of agents, said applications located on
said agents wherein use of the application on a particular 
agent is permitted upon the grant of a license, said 
license being requested by a user from said agent of said 
applications, a system for protecting against the 
unauthorized use of said applications comprising: 

license token means for storing licensing 
information of said applications; license server means 
connected to said agents for communicating with said 
applications, said license server means having a database 
which stores said license token means, said license server 
means further retrieving said license token means from
said database upon a request for a license by said 
applications, said license server means further 
transmitting said license token means to said 
applications; 

license access means connected to said agents 
for decoding and encoding said license token means from 
said license server means, said license access means being 
integrated with said applications, said license access 
means receiving said license token means from said license 
server means; and 

licensing library means connected to said agents 
for verifying said decoded license token means before 
access to said license is granted, said licensing library 
means being integrated with said applications.

2. The system as defined in claim 1, wherein each
said license token means containing licensing information
for at least one version of each said applications.

3. The system as defined in claim 1, wherein the
contents of said license token means is encrypted.

4. The system as defined in claim 1, wherein said
license token means is passed between said license server
means and said licensing library means for a predetermined
time period.

5. The license token means as defined in claim 4,
wherein during said predetermined time period, only one
said applications may check out one said license token
means.

6. The system as defined in claim 1, wherein said 
license server means receives said request for a license 
from said applications, said license server searches in
said database for a license token means storing the 
license requested by said application before retrieving 
said license token means. 

7. The system as defined in claim 1, wherein said
license access means decodes the contents of said license 
token means before said licensing library means verifies 
said license token means. 

8. The system as defined in claim 1, wherein said 
license access means encodes said license token means 
after said licensing library verifies said license token 
means and prior to returning said license token means to 
said license server means. 

9. The system as defined in claim 1, wherein said
licensing library verifies said license token means by
comparing the licensing information stored in said license
token means with the licensing information maintained by
said application.

10. The system as defined in claim 1, wherein said
licensing library means checks out said license of said
application in response to a positive comparison of the
license information.

11. The licensing library means as defined in claim
10, wherein said license for said application being
checked out after said licensing library verifies said
license token means.

12. In a computer network environment including a
plurality of software applications licensed to run on at
least one network of agents, said applications located on
said agents wherein use of the application on a particular 
agent is permitted upon the grant of a license, said 
license being requested by a user from said agent of said 
applications, a system for protecting against the 
unauthorised use of said applications comprising: 

license token means for storing licensing
information of said applications; 

license server means connected to said agents 
for communicating with said applications, said license 
server means having a database which stores said license 
token means, said license server means further retrieving 
said license token means from said database upon a request 
for a license by said applications, said license server 
means further transmitting said license token means to 
said applications; 
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license access means connected to said 
application and accessible from said agents for decoding 
and encoding said license token means from said license 
senrer means , said license access means being integrated 
with said applications; 

licensing library means connected to said 
application and accessible from said agents for verifying 
said decoded license token means before access to said 
license is granted, said licensing library means being 
integrated with said applications; and 

license binding means connected to said license 
server means and to said licensing library means for 
constructing a binding file, said binding file informing
said licensing library means which of said license server
means may grant a license to said application.

13. The system as defined in claim 12, wherein said
licensing library means are located on the same agents as
said applications.

14. The system as defined in claim 12, wherein said
license server means are located on the same agents as said
licensing library means.

15. The system as defined in claim 12, wherein each
said license token means contains licensing information
for at least one version of each of said applications.

16. The system as defined in claim 12, wherein the
contents of said license means is encrypted.

17. The system as defined in claim 12, wherein said
license token means is passed between said license server
means and said licensing library means for a predetermined
time period.

18. The license token means as defined in claim 17,
wherein, during said predetermined time period, only one
of said applications may check out one said license token
means.

19. The system as defined in claim 12, wherein said
license server means further transmit said license token
means to said licensing library means.

20. The system as defined in claim 12, wherein said
license access means decodes the contents of said license
token means before said licensing library means verifies
said license token means.

21. The system as defined in claim 12, wherein said
license access means encodes said license token means
after said licensing library verifies said license token
means and prior to returning said license token means to
said license server means.

22. The system as defined in claim 12, wherein said
license binding means constructs said binding file by
contacting each said license server means to request for
a list of applications it serves, said binding file
containing said list of applications available from said
license server means.

23. In a computer network environment including a
plurality of software applications licensed to run on at
least one network of agents, said applications located on
said agents wherein use of the application on a particular
agent is permitted upon the grant of a license, said
license being requested by a user from said agent of said
applications, a system for protecting against the
unauthorised use of said applications substantially as
hereinbefore described with reference to the accompanying
drawings.